Web Application Security
CSRF through POST Dec 15 2009 12:57AM
Robin Wood (dninja gmail com) (2 replies)
Re: CSRF through POST Dec 22 2009 08:00AM
Himanshu Goyal (idhimanshu gmail com)
Re: CSRF through POST Dec 16 2009 04:37PM
arvind doraiswamy (arvind doraiswamy gmail com) (1 replies)
Re: CSRF through POST Dec 16 2009 04:47PM
Robin Wood (dninja gmail com) (2 replies)
Re: CSRF through POST Dec 24 2009 10:26AM
Amish Shah (amish net-square com) (1 replies)
Re: CSRF through POST Dec 27 2009 05:55AM
YGN Ethical Hacker Group (lists yehg net)
You can forge an HTTP POST using any feasible browser plugin, such as
Flash (AS), Silverlight or a Java applet.
Flash is said to be a feasible way to take over a victim's sessions via CSRF.

[flash]
// ActionScript 2: LoadVars posts its name/value pairs as a form-encoded body
var req:LoadVars = new LoadVars();
req.addRequestHeader("Foo", "Bar");   // arbitrary extra request header
req.decode("a=b&c=d");                // body parameters a=b and c=d
req.send("http://www.vuln.site/some/page.cgi?p1=v1&p2=v2", "_blank", "POST");
[/flash]

http://www.shinedraw.com/data-handling/flash-vs-silverlight-simple-http-post-request/
http://www.securiteam.com/securityreviews/5KP0M1FJ5E.html
http://forums.sun.com/thread.jspa?threadID=645830

--
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
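The post above makes the defender's point: accepting only POST is not a CSRF control, because a plugin on another origin can emit a POST with any body and any custom header, and the browser still attaches the victim's cookie. What the forging page cannot do is read a value embedded in the target site's own forms. The following is an added example, not part of the original post or the thread: a server-side check in Python that binds a synchronizer token to the session with an HMAC and, as defence in depth, compares the request's Origin (or Referer-derived origin) with the site's own. The secret, origin, session id, and request shapes are all constructed placeholders.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed demo values; a real deployment loads the secret from configuration.
SERVER_SECRET = b"constructed-demo-secret-change-me"
SITE_ORIGIN = "https://app.example.test"   # hypothetical origin of the protected app
ACTIVE_SESSIONS = {"sess-42"}              # constructed: session ids the server knows


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request (constructed for this example)."""
    method: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def csrf_token_for(session_id: str) -> str:
    """Per-session token = HMAC(secret, session id).

    The site embeds this in its own forms; a page on another origin (or a plugin
    loaded from it) can send cookies along but cannot read this value.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def request_origin(req: Request):
    """Origin header if present, else scheme://host of the Referer, else None."""
    origin = req.headers.get("Origin")
    if origin:
        return origin.rstrip("/")
    ref = req.headers.get("Referer")
    if ref:
        parts = urlsplit(ref)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def validate_state_change(req: Request):
    """Return (accepted, reason) for a request that would change server state."""
    if req.method.upper() not in {"POST", "PUT", "PATCH", "DELETE"}:
        return False, "state changes must not be accepted on GET"
    sid = req.cookies.get("session")
    if sid not in ACTIVE_SESSIONS:
        return False, "no valid session"
    # Defence in depth: when the browser tells us where the request came from,
    # it has to be our own origin. A missing Origin/Referer falls through to the token.
    origin = request_origin(req)
    if origin is not None and origin != SITE_ORIGIN:
        return False, f"cross-origin request from {origin}"
    # Primary control: the token bound to this session. Custom headers such as
    # "Foo: Bar" are ignored entirely, since the post above shows a plugin can set them.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token_for(sid)):
        return False, "missing or wrong CSRF token"
    return True, "ok"


def demo():
    """Constructed requests: one from the site's own form, one mirroring the LoadVars post."""
    legit = Request(
        "POST",
        headers={"Origin": SITE_ORIGIN},
        cookies={"session": "sess-42"},
        form={"a": "b", "csrf_token": csrf_token_for("sess-42")},
    )
    # Body a=b&c=d, arbitrary header, victim's cookie replayed by the browser, no token.
    forged = Request(
        "POST",
        headers={"Foo": "Bar", "Referer": "http://attacker.example.test/page.swf"},
        cookies={"session": "sess-42"},
        form={"a": "b", "c": "d"},
    )
    return validate_state_change(legit), validate_state_change(forged)


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The token comparison uses `hmac.compare_digest` so a wrong token is rejected in constant time, and the check runs for every state-changing method rather than for POST alone. Letting a request with neither Origin nor Referer fall through to the token check is a deliberate choice here; a stricter policy would reject it outright.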

RE: CSRF through POST Dec 21 2009 01:47PM
boaz shunami rsa com (1 replies)
Re: CSRF through POST Dec 22 2009 03:59AM
chr1x (chr1x sectester net) (1 replies)
Re: CSRF through POST Dec 22 2009 09:22AM
Robin Wood (dninja gmail com)
Copyright 2010, SecurityFocus